Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/BqzYP-st59llEdOgSuYGK1V-P5g.roa
File:                     BqzYP-st59llEdOgSuYGK1V-P5g.roa (raw, json)
Hash identifier:          qGS7emAZlQykpuIOs8TUhx+0wyk9hwALxCy9BRPhyKE=
Subject key identifier:   06:AC:D8:3F:EB:2D:E7:D9:65:11:D3:A0:4A:E6:06:2B:55:7E:3F:98
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7952AE7965B5C0A69B3AF41A85EA6ED
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/BqzYP-st59llEdOgSuYGK1V-P5g.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        193.233.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2a:e7:96:5b:5c:0a:69:b3:af:41:a8:5e:a6:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06acd83feb2de7d96511d3a04ae6062b557e3f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2d:42:95:7d:a6:9b:f1:ff:0e:62:f0:8d:91:
                    99:ca:11:ad:73:35:37:4a:a4:6d:fa:69:5d:3c:c6:
                    2b:d6:7e:61:eb:fd:df:34:9e:52:74:d2:ea:6b:7c:
                    e3:2b:29:b5:34:0d:60:e8:aa:58:6e:ab:17:7d:2e:
                    5b:71:60:80:2f:50:55:d7:f1:42:7e:ce:bd:dc:3a:
                    11:87:ee:b1:04:f8:e3:e9:3f:20:e8:52:df:63:0d:
                    7e:3e:8a:f1:86:65:5a:78:74:63:1d:ad:66:f1:e0:
                    9f:13:de:d8:cf:7e:44:de:34:32:28:38:10:fc:91:
                    03:50:59:29:b6:9f:5e:be:f4:b4:13:c0:d6:3c:e6:
                    b4:83:6c:64:10:26:b9:ef:4e:71:5e:7f:b2:e4:47:
                    c4:73:4c:cc:14:50:dc:85:bc:8d:0f:0a:de:48:78:
                    a8:51:1f:41:38:6d:40:2e:ba:02:84:8d:7b:c7:4d:
                    a5:0b:eb:fb:d0:83:c6:87:c5:cb:09:ec:dd:1e:64:
                    1c:af:4f:d1:bc:45:e4:d4:ea:ab:1f:c1:21:29:de:
                    ef:1a:14:ea:63:72:db:c1:e7:c9:50:47:da:77:01:
                    9f:92:a1:81:25:3a:95:7c:6b:ae:37:00:01:e5:09:
                    fb:bf:4d:02:22:bf:81:c4:61:3c:ae:0d:21:6d:0c:
                    35:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:AC:D8:3F:EB:2D:E7:D9:65:11:D3:A0:4A:E6:06:2B:55:7E:3F:98
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/BqzYP-st59llEdOgSuYGK1V-P5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:93:a6:c5:08:41:3c:95:26:7c:0f:b0:79:a2:d5:d9:b9:51:
         07:03:89:3d:2b:f1:2e:9b:5c:25:59:d4:60:36:91:b8:b8:1f:
         9c:50:05:bc:65:72:91:e4:88:2b:ad:1d:3f:d2:9d:2c:27:e6:
         72:d1:30:55:ee:58:c3:96:f4:4d:0b:c6:bb:a5:b9:28:b5:e4:
         78:79:a6:c1:fc:27:5c:e7:4a:ef:aa:c6:c7:5c:63:22:ba:41:
         98:68:4e:07:a0:e9:9d:01:22:a9:7d:fb:55:26:c8:ff:a5:06:
         5a:c8:e2:be:aa:ed:73:3e:6e:9b:8e:c0:ff:f7:d1:36:a0:0c:
         df:46:c0:0e:44:d8:88:a6:b6:97:fa:64:ee:14:db:61:22:74:
         62:ec:24:1c:8f:32:67:60:0d:93:1c:f9:b9:29:33:ff:8b:b1:
         6a:52:fe:4b:38:dc:fe:c7:56:a6:ad:2e:b5:11:f6:55:ce:e0:
         02:aa:53:6b:78:52:02:b6:d0:1f:c3:26:91:16:46:82:e5:16:
         a2:73:66:99:6f:02:e6:86:39:96:ab:30:5e:b1:6a:a3:01:ba:
         08:86:a4:0b:b8:69:54:fa:e0:3c:7f:5f:59:64:ad:dd:42:8e:
         e8:f7:b0:b8:73:a3:28:07:87:d4:8a:8e:64:e5:18:aa:d6:20:
         b6:7d:a8:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSrnlltcCmmzr0GoXqbtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmFjZDgzZmViMmRlN2Q5NjUxMWQzYTA0YWU2MDYyYjU1N2UzZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy1ClX2mm/H/DmLwjZGZyhGtczU3
SqRt+mldPMYr1n5h6/3fNJ5SdNLqa3zjKym1NA1g6KpYbqsXfS5bcWCAL1BV1/FC
fs693DoRh+6xBPjj6T8g6FLfYw1+PorxhmVaeHRjHa1m8eCfE97Yz35E3jQyKDgQ
/JEDUFkptp9evvS0E8DWPOa0g2xkECa5705xXn+y5EfEc0zMFFDchbyNDwreSHio
UR9BOG1ALroChI17x02lC+v70IPGh8XLCezdHmQcr0/RvEXk1OqrH8EhKd7vGhTq
Y3LbwefJUEfadwGfkqGBJTqVfGuuNwAB5Qn7v00CIr+BxGE8rg0hbQw1IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAas2D/rLefZZRHToErmBitVfj+YMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvQnF6WVAtc3Q1OWxsRWRPZ1N1WUdLMVYtUDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekXMA0G
CSqGSIb3DQEBCwUAA4IBAQAKk6bFCEE8lSZ8D7B5otXZuVEHA4k9K/Eum1wlWdRg
NpG4uB+cUAW8ZXKR5IgrrR0/0p0sJ+Zy0TBV7ljDlvRNC8a7pbkoteR4eabB/Cdc
50rvqsbHXGMiukGYaE4HoOmdASKpfftVJsj/pQZayOK+qu1zPm6bjsD/99E2oAzf
RsAORNiIpraX+mTuFNthInRi7CQcjzJnYA2THPm5KTP/i7FqUv5LONz+x1amrS61
EfZVzuACqlNreFICttAfwyaRFkaC5Raic2aZbwLmhjmWqzBesWqjAboIhqQLuGlU
+uA8f19ZZK3dQo7o97C4c6MoB4fUio5k5Riq1iC2fajq
-----END CERTIFICATE-----